- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- encryption of attributes in url but pass them to t...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
encryption of attributes in url but pass them to the business warehouse
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 3:00 PM
Hi experts,
we want to call an BI-url created by the WebApplicationDesigner from a third party tool with an unnamed user. All the access actions take place in the third party tool so that diffrent users call the same url but transfer user-specific attributes to the BI, e.g. a user-ID. The called BI-report delivers results that belongs to the given attributes.
Now we face a security problem, because the url could be edited to change the attributes manually.
How can we hide or encrypt these attributes within the url and nevertheless pass them to BI? Has anyone an idea to solve this problem?
kind regards.
Ansgar
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 3:39 PM
Hi,
This is something that can't be restricted or managed at the security end. Here are the possible options:
1. Talk to your portal developer and see if a dynamic URL can be generated while passing on to the third party application.
2. Talk to the third party application support, and see if the URL can be either masked or hided.
Hope this helps!
Regards,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 3:39 PM
Hi,
This is something that can't be restricted or managed at the security end. Here are the possible options:
1. Talk to your portal developer and see if a dynamic URL can be generated while passing on to the third party application.
2. Talk to the third party application support, and see if the URL can be either masked or hided.
Hope this helps!
Regards,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 9:44 PM
Plan A: If you can drop the "unnamed" requirement then the call could be executed in the user's own context, so no need to pass it as an import parameter. You will need some SSO mechanism. Here SAML has the best interoperability between platforms.
Plan B would be a call-back from BI to get the user name from 3rd party, but that is extra roundtrips.
Plan C is to harden the 3rd party system and application to pervent the user from changing inputs to the parameters passed (e.g via the URL). But this is always ugly to some extent.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2011 5:02 PM
Hi Julius, hi Raghu,
thx for responding. I'll try the alternatives that you suggest.
Ansgar
- SAP Managed Tags:
- Security
